diff --git a/README.md b/README.md
index 204211dd4..0250afcb3 100644
--- a/README.md
+++ b/README.md
@@ -313,7 +313,8 @@ The following table lists the configurable parameters of the Harbor chart and th
 | `database.internal.image.repository` | Repository for database image | `goharbor/harbor-db` |
 | `database.internal.image.tag` | Tag for database image | `dev` |
 | `database.internal.password` | The password for database | `changeit` |
-| `database.internal.existingSecret` | An existing password containing the database password. the key must be `password`. | `""` |
+| `database.internal.existingSecret` | An existing secret containing the database password. | `""` |
+| `database.internal.existingSecretKey` | The existing secrets key for database password | `""` |
 | `database.internal.shmSizeLimit` | The limit for the size of shared memory for internal PostgreSQL, conventionally it's around 50% of the memory limit of the container | `512Mi` |
 | `database.internal.resources` | The [resources] to allocate for container | undefined |
 | `database.internal.automountServiceAccountToken` | Mount serviceAccountToken? | `false` |
@@ -330,7 +331,8 @@ The following table lists the configurable parameters of the Harbor chart and th
 | `database.external.username` | The username of external database | `user` |
 | `database.external.password` | The password of external database | `password` |
 | `database.external.coreDatabase` | The database used by core service | `registry` |
-| `database.external.existingSecret` | An existing password containing the database password. the key must be `password`. | `""` |
+| `database.external.existingSecret` | An existing password containing the database password. | `""` |
+| `database.external.existingSecretKey` | The existing secrets key for database password | `""` |
 | `database.external.sslmode` | Connection method of external database (require, verify-full, verify-ca, disable) | `disable` |
 | `database.maxIdleConns` | The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained. | `50` |
 | `database.maxOpenConns` | The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections. | `100` |
diff --git a/templates/core/core-dpl.yaml b/templates/core/core-dpl.yaml
index 0be68e814..dc4f53fcd 100644
--- a/templates/core/core-dpl.yaml
+++ b/templates/core/core-dpl.yaml
@@ -125,14 +125,14 @@ spec:
 valueFrom:
 secretKeyRef:
 name: {{ .Values.database.external.existingSecret }}
- key: password
+ key: {{ .Values.database.external.existingSecretKey | default "password" }}
 {{- end }}
 {{- if and (eq .Values.database.type "internal") .Values.database.internal.existingSecret }}
 - name: POSTGRESQL_PASSWORD
 valueFrom:
 secretKeyRef:
 name: {{ .Values.database.internal.existingSecret }}
- key: password
+ key: {{ .Values.database.internal.existingSecretKey | default "password" }}
 {{- end }}
 {{- if .Values.registry.credentials.existingSecret }}
 - name: REGISTRY_CREDENTIAL_PASSWORD
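Review bot: In templates/core/core-dpl.yaml the two new `key:` values are rendered unquoted, so a user-supplied `existingSecretKey` such as `123` or `true` would be parsed as a non-string scalar and presumably be rejected when the manifest is applied. Piping through `quote` keeps it a string: `key: {{ .Values.database.external.existingSecretKey | default "password" | quote }}`, and likewise for the internal line. The same applies to the `key:` lines added in core-pre-upgrade-job.yaml and exporter-dpl.yaml. The env list these entries belong to starts and ends outside the hunk.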
diff --git a/templates/core/core-pre-upgrade-job.yaml b/templates/core/core-pre-upgrade-job.yaml
index ce0b13134..1f1dd86f0 100644
--- a/templates/core/core-pre-upgrade-job.yaml
+++ b/templates/core/core-pre-upgrade-job.yaml
@@ -46,11 +46,11 @@ spec:
 valueFrom:
 secretKeyRef:
 name: {{ .Values.database.external.existingSecret }}
- key: password
+ key: {{ .Values.database.external.existingSecretKey | default "password" }}
 {{- end }}
 {{- if not (empty .Values.containerSecurityContext) }}
 securityContext: {{ .Values.containerSecurityContext | toYaml | nindent 10 }}
- {{- end }}
+ {{- end }}
 volumeMounts:
 - name: config
 mountPath: /etc/core/app.conf
diff --git a/templates/core/core-secret.yaml b/templates/core/core-secret.yaml
index 521fcdc8a..7bca372a0 100644
--- a/templates/core/core-secret.yaml
+++ b/templates/core/core-secret.yaml
@@ -21,7 +21,7 @@ data:
 {{- if not .Values.existingSecretAdminPassword }}
 HARBOR_ADMIN_PASSWORD: {{ .Values.harborAdminPassword | b64enc | quote }}
 {{- end }}
- {{- if and (not .Values.database.external.existingSecret) (not .Values.database.internal.existingSecret) }}
+ {{- if and (not .Values.database.internal.existingSecret) (not .Values.database.external.existingSecret) }}
 POSTGRESQL_PASSWORD: {{ template "harbor.database.encryptedPassword" . }}
 {{- end }}
 {{- if not .Values.registry.credentials.existingSecret }}
diff --git a/templates/exporter/exporter-dpl.yaml b/templates/exporter/exporter-dpl.yaml
index 3c4c1c88e..03e3136ba 100644
--- a/templates/exporter/exporter-dpl.yaml
+++ b/templates/exporter/exporter-dpl.yaml
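Review bot: In templates/core/core-secret.yaml the reordered condition still ignores `database.type`, while the env injection in core-dpl.yaml only fires when the type matches the secret that is set. With `database.type: internal` and only `database.external.existingSecret` populated (or the reverse), the chart-managed `POSTGRESQL_PASSWORD` is dropped here and, as far as these hunks show, nothing supplies it instead. Consider gating on the same pairs, e.g. `{{- if not (or (and (eq .Values.database.type "internal") .Values.database.internal.existingSecret) (and (eq .Values.database.type "external") .Values.database.external.existingSecret)) }}`. The surrounding `data:` block extends beyond the hunk.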
@@ -77,19 +77,22 @@ spec:
 - secretRef:
 name: "{{ template "harbor.exporter" . }}"
 env:
+ {{- with .Values.exporter.extraEnvVars }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
 {{- if and (eq .Values.database.type "external") .Values.database.external.existingSecret }}
 - name: HARBOR_DATABASE_PASSWORD
 valueFrom:
 secretKeyRef:
 name: {{ .Values.database.external.existingSecret }}
- key: password
+ key: {{ .Values.database.external.existingSecretKey | default "POSTGRES_PASSWORD" }}
 {{- end }}
 {{- if and (eq .Values.database.type "internal") .Values.database.internal.existingSecret }}
 - name: HARBOR_DATABASE_PASSWORD
 valueFrom:
 secretKeyRef:
 name: {{ .Values.database.internal.existingSecret }}
- key: password
+ key: {{ .Values.database.internal.existingSecretKey | default "POSTGRES_PASSWORD" }}
 {{- end }}
 {{- if .Values.existingSecretAdminPassword }}
 - name: HARBOR_ADMIN_PASSWORD
@@ -101,10 +104,6 @@ spec:
 {{- if .Values.exporter.resources }}
 resources:
 {{ toYaml .Values.exporter.resources | indent 10 }}
-{{- end }}
-{{- with .Values.exporter.extraEnvVars }}
- env:
-{{- toYaml . | nindent 10 }}
 {{- end }}
 {{- if not (empty .Values.containerSecurityContext) }}
 securityContext: {{ .Values.containerSecurityContext | toYaml | nindent 10 }}
diff --git a/values.yaml b/values.yaml
index f362085b0..919be2b2e 100644
--- a/values.yaml
+++ b/values.yaml
@@ -875,8 +875,10 @@ database:
 priorityClassName:
 # The initial superuser password for internal database (ignored if existingSecret is set)
 password: "changeit"
- # if using existing secret, the key must be "password"
+ # if using existing secret
 existingSecret: ""
+ # secret key name if using existing secret (defaults to `password`)
+ existingSecretKey: ""
 # The size limit for Shared memory, pgSQL use it for shared_buffer
 # More details see:
 # https://github.com/goharbor/harbor/issues/15034
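Review bot: In templates/exporter/exporter-dpl.yaml both `HARBOR_DATABASE_PASSWORD` entries fall back to `"POSTGRES_PASSWORD"`, whereas core-dpl.yaml, core-pre-upgrade-job.yaml and the new values.yaml comment all give the default as `password`. A Secret that worked before this change (key `password`, `existingSecretKey` left empty) would no longer resolve for the exporter, so its container would presumably fail to start after an upgrade while core keeps working. Unless the different default is deliberate, use `key: {{ .Values.database.external.existingSecretKey | default "password" }}` and the matching internal line. If it is deliberate, the README and values.yaml comments should state the exporter's default explicitly.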
@@ -898,8 +900,10 @@ database:
 username: "user"
 password: "password"
 coreDatabase: "registry"
- # if using existing secret, the key must be "password"
+ # if using existing secret
 existingSecret: ""
+ # secret key name if using existing secret (defaults to `password`)
+ existingSecretKey: ""
 # "disable" - No SSL
 # "require" - Always SSL (skip verification)
 # "verify-ca" - Always SSL (verify that the certificate presented by the